Goodnotes Privacy Policy

Last Updated: September 2025

Old Version: July 2025, September 2024, August 2023

Protecting your privacy at Goodnotes

Your privacy matters to us as much as it does to you. At Goodnotes, we take great care in handling your personal data safely and responsibly.

Our privacy principles:

  • We never sell or rent your data or notebook content to third parties.
  • We don't access or collect data from your notebooks or documents without your permission.
  • We use limited, anonymized data to improve our services and meet legal obligations.

Data sharing policy:

We only share your data:

  • When you explicitly give us permission to do so and with the third parties specifically identified in this policy
  • To protect the rights, property, or safety of us, our customers, or others.

What we collect:

  • Basic personal data (name, email, country) when you register.
  • Anonymous statistical data (crash frequency, feature usage) to enhance the app experience.

If data is shared with third parties, we ensure they are bound by data protection agreements or confidentiality obligations. Please read our comprehensive Privacy Policy for more details. We update this regularly to follow the latest laws and best practices.

  • Goodnotes Limited and its affiliates (the "Company", "Goodnotes", "we", "our" or "us") are committed to protecting and respecting your privacy. We are a company with our registered office at 1 Bartholomew Lane, London, United Kingdom, EC2N 2AX. This privacy policy (or "Policy") sets out the basis on which any data and information the Company collects from you will be processed by the Company during your interactions with us, including through your use of the Goodnotes services, which includes the Goodnotes application and any other product or services that links to this Policy), as well as all functionality that Goodnotes makes available and any other product or services that links to this Policy (collectively, the "Services"). 

    Goodnotes provides the Services to: (i) commercial customers and educational institutions who procure the Services on behalf of their own end users on a business-to-business basis ("B2B Users"); (ii) individual customers who access the Services via the Goodnotes application ("End Users"); and (iii) individuals who visit or communicate with us via the Goodnotes website and our Goodnotes Help Centre ("Website Users"). We have outlined in this Policy which sections of the Policy shall apply to B2B Users, End Users and Website Users respectively.

    Please note that we may provide you with additional privacy information which relates to our collection and processing of your data in the context of your use of specific Services. Any such additional privacy information should be read in conjunction with this Policy.

  1. 1. What kind of data is being collected and how do we collect it?

    We may collect and process "Personal Data" (which is defined as any data that identifies or can be used to identify you) about you when you visit, install, download, access, register for or use our Services, or contact us in relation to the Services. The nature of the Personal Data that we may process will be determined by how you are using our Services. We will only use your Personal Data as set out below and always in accordance with applicable data protection laws, including but not limited to the European Union's General Data Protection Regulation 2016/679 (the "EU GDPR"). together with the version of the EU GDPR which is incorporated into the domestic law of the United Kingdom (the "UK GDPR") (the EU GDPR and the UK GDPR are collectively referred to as the "GDPR"). We do not collect special categories of Personal Data (as defined in the GDPR), which means Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic and biometric data, or data concerning health, sex life or sexual orientation. We do not expect our users to share or provide us with special categories of Personal Data.
    1. B2B User Data 
      1. Information that you provide to us:

        Depending on the relevant circumstances and applicable local laws and requirements, we will collect some or all of the information listed below in relation to individuals at your organisation to enable us to provide our Services to you. To the extent applicable, such information may include
        • basic Personal Data about you (personal identifiers and contact information such as first name, family name, email address, organisation/education institution details, country and your language);
        • information that someone in your organisation or education institution has chosen to tell us or share through a Service or that you have chosen to tell a Goodnotes staff member;
      2. We may attend conferences, trade shows, and other events where we collect contact information from individuals who interact with or express an interest in the Services.
      3. To the extent that you access our website, we will also collect certain data from you. If you would like more information about this, see Section 1.3 – Website Users.
      4. Goodnotes requires B2B Users to communicate the relevant parts of this Policy to any individuals whose Personal Data may be processed by Goodnotes in connection with the B2B User's receipt of the Services (e.g. relevant individuals at your organisation who act on behalf of the B2B User).
      5. Please note that when we provide our Services to an B2B User, we generally process the personal data of their authorised licensees (e.g. their employees, personnel and contractors) as a processor on behalf of the B2B User. However, there may be circumstances under which we need to process the personal data of B2B Users' authorised licensees for our own purposes as a controller e.g. to comply with our legal obligations or if we use the authorised licensees' data in the context of marketing to them or their use of the Goodnotes AI Features (see section entitled "Goodnotes AI" below for more detail). In these circumstances, these authorised licensees will be treated as End Users for the purposes of this Policy. Goodnotes requires B2B Users to communicate the relevant parts of this Policy to its authorised licensees.
    2. End User Data
      1. Information that you provide to us: Depending on the relevant circumstances and applicable local laws and requirements, we will collect some or all of the information listed below in relation to you to enable us to provide our Services to you. To the extent applicable, such information may include;
        • basic Personal Data about you (personal identifiers and contact information such as first name, family name, email address, country and your language);
        • for certain support requests and issues, we may ask you to export and send us diagnostic data of your Goodnotes application which includes information necessary to diagnose and resolve issues you might experience with our Services including the titles of your documents, folders, and imported files;
        • any information that you choose to share through the Services which may be considered Personal Data, including any information that you upload containing details about you. But please note that we will not:
          • access or collect data (including any Personal Data) from your notes or documents without your consent; or
          • use your handwriting data to create an individual digital template or profile for the purpose of identifying you, and we therefore do not consider that we process any biometric data about you;
          • if you make a purchase, your credit card or debit card information (such as card type and expiration date) and other financial data that we need to process your payment may be collected and stored by third party payment processors with which we work. We may also collect some limited information, such as your postal code and details of your transaction history.
        Goodnotes Services are not intended for use by covered entities (as such term is defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) in the United States) for the transmission of Protected Health Information (as defined by HIPAA, 45 C.F.R. § 160.103), nor intended for the transmission of sensitive personal information (as defined by the California Consumer Privacy Act, Cal. Civ. Code §1798.140(ae), as amended) such as payment card or financial information (except when making a purchase), so please do not share this information with us.
      2. Information that we automatically collect or generate about you:
        When you use our Services, we automatically receive and collect information about you and your device. This includes:
        • any information regarding the Services accessed and/or used by you and our interactions with you;
        • a file with your contact history to be used for enquiry purposes so that we may ensure that you are satisfied with the Services which we have provided to you;
        • usage data when you visit or otherwise use the Services, including details of the location of the device used and IP address;
        • marketing and communications data collected regarding marketing, promotions and communicating new features; and
        • activity data relating to your usage of the Services, which reveal your preferences, interests, or manner of use of the Services and the times of use, e.g., IP address, device type, other unique device identification, storage usage, data usage, time zone settings, etc.
        Where possible, we anonymise statistical data about End Users and how they interact with the Services by using unique identifiers which are linked to user accounts but do not contain any Personal Data.
      3. Information we obtain from other sources:
        We sometimes collect Personal Data provided to us by third parties, service providers, agencies or other publicly available sources where applicable. This includes (by way of non-exhaustive list):
        • social media features which may collect your IP address;
        • which page you are visiting on one of our sites or sub-domains; and
        • usage data when you visit or otherwise use the Services, including details of the location of the device used and IP address;
        • the use of Cookies to enable the feature or Service to function properly.
        • Features may also allow third party social media services to provide us with information about you, including your name, email address, and other contact information. The information we receive is dependent upon your privacy settings with the third-party social media service.
        Features are either hosted by a third party or hosted directly in the Goodnotes Services. Your interactions with these features are governed by the privacy statements of the third-party companies providing them. You should always review and, if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Services.
      4. To the extent that you access our website, we will also collect certain data from you. If you would like more information about this, see Section 1.3 – Website Users.
    3. Website User Data
      1. Information that you provide to us and Personal Data we may collect:
        When you get in contact with us via our website, you provide us with your Personal Data, in the form of your name, email address and any other information that you choose to tell us either through communications that you send to us which pass through our servers.
      2. Information that we automatically collect or generate about you:
        We collect a limited amount of data from our Website Users that we use to help us improve your experience when using our website and to help us manage the services we provide. Such information may include (by way of a non-exhaustive list):
        • how you use our website;
        • the frequency with which you access our website;
        • internet protocol (IP) address
        • location and time zone; and
        • the language you choose to view our website in.
        We collect your data automatically via Cookies, in line with your Cookie settings in your browser. If you would like to find out more about Cookies, including how we use them and what choices are available to you, see Section 13 – Cookies.
    4. Customer Support Data
      1. If you make enquiries via the Goodnotes Help Center by using our submission form, interacting with our Answer Bot or by raising a customer support ticket to report an issue, we will process some of the Personal Data that we have set out above (e.g. basic Personal Data such as your personal identifiers and contact information and information that we automatically collect or generate about you such as your IP address and device type) together with any information that you include in your enquiry and that forms part of the chat log documenting our interaction ("Customer Support Data").
      2. It is not our intention to collect any sensitive or special category Personal Data about you (including any data relating to race or ethnic origin, political opinions, religious or other similar beliefs, trade union membership, physical or mental health, sexual life or criminal record or that is otherwise confidential or privileged) in this context and we ask that you do not include any such data in the enquiries that you send to us.
      3. We will use Customer Support Data to respond to your enquiries and we may use AI models to assist us with this e.g. to generate replies and summarise the contents of customer support tickets that you have raised. We may also anonymise Customer Support Data (e.g. by passing customer support tickets you have raised through a cleansing system to remove all Personal Data and summarise their contents) and use the anonymised information for other customer support related purposes including troubleshooting, data analysis, testing, security, and research.
    5. Goodnotes AI
      1. The Goodnotes AI features add certain artificial intelligence technology functionalities (as communicated by us from time to time) to our Services.
      2. To help us provide and improve the Goodnotes AI features (including by training the AI model that powers the Goodnotes AI features, and carrying out analytics to better understand queries/prompts from different types of users and to troubleshoot issues), we will collect, use, store, share and otherwise process personal data relating to your use of the Goodnotes AI features where we have obtained your explicit opt-in consent to do so (to the extent this is required by applicable data protection legislation).
      3. This may include any personal data you provide in the form of or contained within:
        • any feedback that you provide to us in relation to or when using the Goodnotes AI features;
        • conversation histories and notebook conversation logs of your interactions with us when using the Goodnotes AI features;
        • any text, documents, or other materials and content that you submit when using the Goodnotes AI features (“Input”) and any responses generated by the Goodnotes AI features based on your Input (“Output”); and
        • any other data contained in your Notebook and Library that you access when using the Goodnotes AI features
      4. We may share this personal data with third-party providers that we use to provide the functionality for the Goodnotes AI features (see section entitled "Who is my data disclosed to?" below).

  2. 2. What is this data being used for?

    1. Your Personal Data may be stored and processed by us in the following ways and for the following purposes:
    2. When we use your Personal Data, we make sure that our usage complies with applicable data protection laws. The law allows or requires us to use your Personal Data for a variety of reasons. These include where:
      • we need to do so in order to perform our contractual obligations with our customers and third-party providers;
      • we have obtained your consent;
      • we have legal and regulatory obligations that we have to discharge;
      • we may need to do so in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
      • the use of your Personal Data as described is necessary for our legitimate business interests, such as:
        • allowing us to effectively and efficiently manage and administer the operation of our business and the Services;
        • to enforce contracts and applicable Terms of Use, including investigation of potential violations thereof;
        • maintaining compliance with internal policies and procedures;
        • monitoring the use of our copyrighted materials;
        • enabling quick and easy access to information on Goodnotes Learn and in the provision of the Services; and
        • protect against harm to the rights, property or safety of Goodnotes, our users, customers, or the public as required or permitted by law.
    3. B2B Users
      Why and how we process your information
      To set you up on our systems (including the creation of your account) so that you can enable your end users to use and access the features and functionality provided by the Services.
      Types of Personal Data Used
      • Personal identifiers and contact information.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests for us to provide our Services to the organisation that you represent and your end users.
      Why and how we process your information
      Storing your details (and updating them when necessary) on our database, so that we can contact you in relation to our activities including changes to our terms or policies or modifications to the products or other important notices.
      Types of Personal Data Used
      • Personal identifiers and contact information.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to ensure we have an accurate record of all Enterprise Users and their respective end users that receive our Services so that we can communicate with them.
      Why and how we process your information
      To obtain feedback on the Services from you and your end users via surveys and similar methods.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Any extra information that you or a member of your organisation choose to tell us or a Goodnotes staff member.
      Legal basis relied upon
      Legitimate interests, namely, it is in our interests to improve and develop our offering by considering your feedback and your end users' feedback and feeding this into our processes where we deem necessary.
      Why and how we process your information
      To provide customer support and respond to customer enquiries
      e.g. via the submission form on our customer support page, our Answer Bot or if you raise a customer support ticket to report an issue.

      Once we have removed all Personal Data from a customer support ticket that you have raised, to use the anonymised information for other related purposes including troubleshooting, data analysis, testing, security and research.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member, including the contents of any enquiries.
      • Customer Support Data
      Legal basis relied upon
      Legitimate interests, namely it is in our interests to respond to customer inquiries and to remedy any issues with the Services and to remove Personal Data from customer support tickets so that we can use the anonymised information for troubleshooting, data analysis, testing, security and research.

      We may also need to process your Personal Data to comply with our legal obligations.
      Why and how we process your information
      To take measures to protect against and try to prevent any potential disruptions or Cyber-attacks, legal processes, governmental requests, and internal policies and procedures.
      Types of Personal Data Used
      • Personal identifiers and  contact information
      • Diagnostic data
      • Personal identifiers and contact information in your organisation has chosen to tell us or that you have chosen to tell a Goodnotes staff member
      • Emails with individuals in your organisation may be recorded.
      Legal basis relied upon
      Legitimate interests, namely, it is in our interests that the provision of the Services to you and your end users is uninterrupted and secure from any cyber-attacks, laws, rules and regulations, subpoenas, legal processes, governmental requests, and internal policies and procedures. We may also need to process your Personal Data to comply with our legal obligations
      Why and how we process your information
      In order to comply with and in order to assess compliance with applicable laws, rules and regulations, subpoenas, legal processes, governmental requests, and internal policies and procedures.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Information that someone in your organisation has chosen to tell us or that you have chosen to tell a Goodnotes member
      • Emails with individuals in your organisation may be recorded.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests for us to be enabled to establish and evidence compliance with compliance with applicable laws, rules and regulations, subpoenas, legal processes, governmental requests, and internal policies and  procedures. We may also need to process your      Personal Data to comply with our legal obligations.
      Why and how we process your information
      For the management and administration of our  business or in relation to a sale, reorganization,  financing or other similar corporate transaction involving our business.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Information that someone in your organisation has chosen to tell us or that you have chosen to tell a Goodnotes member
      • Emails with individuals in your organisation may be recorded.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests to ensure that a smooth handover or transition takes place in the context of such a transaction to enable you to continue to receive the Services.
      Why and how we process your information
      For the administration and maintenance of our databases storing Personal Data.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Information that someone in your organisation has chosen to tell us or that you have chosen to tell a Goodnotes staff member.
      Legal basis relied upon
      Legitimate interests, namely to ensure that our databases are up to date and adequately maintained so that the provision of the Services and our business runs smoothly.
      Why and how we process your information
      To detect, prevent, or otherwise address fraud, security or technical issues.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Any extra information that you or a member of your organisation choose to tell us or a Goodnotes staff member.
      Legal basis relied upon
      Legitimate interests, namely, it is in our interests for us to detect, prevent and address fraud, security and technical issues to ensure that we are in compliance with applicable laws and regulations, and that the provision of the Services and our business runs smoothly.
      Why and how we process your information
      To help us to establish, exercise, or defend legal claims.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Information that someone in your organisation has chosen to tell us or that you have chosen to tell a Goodnotes member
      • Emails with individuals in your organisation may be recorded.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests for us to be enabled to establish and defend our legal rights and understand our obligations, and seek legal advice in connection with them.
    4. End Users
      Why and how we process your information
      To allow you to use and access the features and functionality provided by the Services.
      Types of Personal Data used
      • Personal identifiers and contact information.Personal identifiers and contact information
      • Diagnostic data.
      • any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests for us to provide our Services to you.

      To perform a contract with you.

      We will rely on consent if we deem that this is required in the context of a specific Service.
      Why and how we process your information
      To set you up to use the Services, including creating and administering your account.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Information that we automatically collect or generate about you 
      • Information we obtain from other sources.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests for us to provide our Services to you.

      To perform a contract with you.

      We will rely on consent if we deem that this is required in the context of a specific Service.
      Why and how we process your information
      To obtain feedback on the Services via surveys and similar methods, such as interactive features
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests to improve and develop our offering by considering your feedback and feeding this into our processes where we deem necessary.
      Why and how we process your information
      To provide customer support and respond to customer enquiries e.g. via the submission form on our customer support page, Answer Bot or if you raise a customer support ticket to report an issue.

      Once we have removed all Personal Data from a customer support ticket that you have raised, to use the anonymised information for other related purposes including troubleshooting, data analysis, testing, security, and research.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member, including the contents of any enquiries.
      • Customer Support Data
      Legal basis relied upon
      Legitimate interests, namely it is in our interests to respond to customer enquiries, remedy any issues with the Services and to remove Personal Data from customer support tickets so that we can use the anonymised information for troubleshooting, data analysis, testing, security and research.

      We may also need to process your Personal Data to comply with our legal obligations.
      Why and how we process your information
      To monitor your use of: (i) digital products (including planners, notebooks and stickers); and (ii) digital textbooks through digital rights management solutions.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Information that we automatically collect or generate about you e.g. whether you have attempted to take a screenshot of a digital product or textbook page.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests for us to ensure the protection of our intellectual property and that of our third party partners.

      We may also need to process your personal data to comply with our legal obligations
      Why and how we process your information
      To allow you to register and participate in sweepstakes or contests.
      Types of Personal Data Used
      • Personal identifiers and contact information.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests for us to be able to inform you about and allow you to participate in any of our sweepstakes and contests and for other promotional, marketing and business purposes.We will obtain your consent (or ensure we can rely on soft opt-in consent) prior to sending you marketing communications.
      Why and how we process your information
      Storing your details (and updating them when necessary) on our database, so that we can contact you in relation to our activities including changes to our terms or policies or modifications to the products or other important notices.
      Types of Personal Data Used
      • Personal identifiers and contact information.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to ensure we have an accurate record of all of our End Users so that we can communicate with them.
      Why and how we process your information
      To communicate with you in order to provide you with the Services or information about us and the Services.
      Types of Personal Data Used
      • Personal identifiers and contact information.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to ensure we have an accurate record of all of our End Users so that we can communicate with them.
      Why and how we process your information
      To allow us to tailor the information you see so that it is of most relevance to you.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member
      • Information that we automatically collect or generate about you
      • Information we obtain from other sources.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to increase the relevance of the content that you see when using our Services and when we communicate with you.
      Why and how we process your information
      For optimising the Services and your experience using the Services, and for ongoing review and improvement of the information provided on the Services to ensure that it is user friendly.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Diagnostic data 
      • Information that we automatically collect or generate about you 
      • Information we obtain from other sources.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to manage and maintain our provision of the Services to you.
      Why and how we process your information
      To take measures to protect against and try to prevent any potential disruptions or cyber-attacks.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Diagnostic data.
      Legal basis relied upon
      Legitimate interest, namely it is in our interests that the provision of the Services is uninterrupted and secure from any cyber-attacks.
      Why and how we  process your  information
      To understand your needs and interests and, where you have provided your consent, to send you marketing communications about our Services.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Diagnostic data
      • Any information / selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member
      • Information that we automatically collect or generate about you
      • Information we obtain from other sources.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to manage and maintain the provision of the Services to you.

      We will obtain your consent (or ensure we can rely on soft opt-in consent) prior to sending you marketing communications.
      Why and how we  process your  information
      To carry out data driven marketing via our use of Cookies and similar technologies to enable Goodnotes and its business partners to track your engagement with the website and our Services for profiling purposes so that we can personalise the marketing content that you receive from us (where you have consented to such marketing) and carry out targeted advertising activities, including via Goodnotes adverts and other content that you see on third-party websites.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Diagnostic data
      • Information that we automatically collect or generate about you
      Legal basis relied upon
      To the extent that these marketing activities involve the use of Personalisation and/or Targeted Advertising Cookies, we will obtain your opt-in consent in accordance with our Cookies policy.  Notwithstanding our collection of consent in relation to our use of Personalisation and Targeted Advertising Cookies, we will rely on the legitimate interests condition in relation to the personalisation and targeting advertising activities that we carry out as we consider that it is in our interests  to increase engagement with and improve the experience of using our Services by increasing the relevance of the content that you receive from us and see across our advertising campaigns.
      Why and how we  process your  information
      To provide lists of certain customers' data to Google to enable us to engage with these customers through their Google-affiliated accounts and to find an audience of people with similar characteristics or demographics to these customers for our marketing purposes ("Customer Match").Google's policy is to irreversibly hash such lists prior to use and match the hashed data against their own customers.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Diagnostic data
      • Information that we automatically collect or generate about you (advertising identifiers)
      Legal basis relied upon
      We will share lists of customers' data with Google in reliance on the legitimate interests legal basis, namely it is in our interests to identify and target advertisements to our existing customers and potential customers who share characteristics or demographics with our existing customers. To the extent that these marketing activities involve the use of Targeted Advertising Cookies, we will obtain your opt-in consent in accordance with our Cookies policy.
      Why and how we process your information
      To provide you with technical and other support.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Diagnostic data 
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member
      • Emails that may be recorded.
      Legal basis relied upon
      Legitimate interests, namely to ensure that your access to the Services is continuous and satisfactory.
      Why and how we process your information
      For the management and administration of our business or in relation to a sale, reorganization, financing or other similar corporate transaction involving our business.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Diagnostic data
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member
      • Information that we automatically collect or generate about you
      • Information we obtain from other sources
      • Emails that may be recorded.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests to ensure that a smooth handover or transition takes place in the context of such a transaction to enable you to continue to receive the Services.
      Why and how we process your information
      In order to comply with and in order to assess compliance with applicable laws, rules and regulations, subpoenas, legal processes, governmental requests, and internal policies and procedures.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Diagnostic data
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member staff member
      • Information that we automatically collect or generate about you
      • Information we obtain from other sources
      • Emails that may be recorded.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests for us to be enabled to establish and evidence compliance with compliance with applicable laws, rules and regulations, subpoenas, legal processes, governmental requests, and internal policies and procedures. We may also need to process your personal data to comply with our legal obligations.
      Why and how we process your information
      For the administration and maintenance of our databases storing Personal Data.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Diagnostic data 
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member 
      • Information that we automatically collect or generate about you 
      • Information we obtain from other sources
      • Emails that may be recorded.
      Legal basis relied upon
      Legitimate interests, namely to ensure that our databases are up to date and adequately maintained so that the provision of the Services and our business runs smoothly.
      Why and how we process your information
      To detect, prevent, or otherwise address fraud, security or technical issues.
      Types of Personal Data Used
      • Personal identifiers and contact information 
      • Diagnostic data 
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member 
      • Information that we automatically collect or generate about you 
      • Information we obtain from other sources 
      • Emails that may be recorded.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests for us to detect, prevent and address fraud, security and technical issues to ensure that we are in compliance with applicable laws and regulations, and that the provision of the Services and our business runs smoothly.
      Why and how we process your information
      To help us to establish, exercise, or defend legal claims.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Diagnostic data 
      • Any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member 
      • Information that we automatically collect or generate about you 
      • Information we obtain from other sources 
      • Emails that may be recorded.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests for us to be enabled to establish and defend our legal rights and understand our obligations, and seek legal advice in connection with them.
      Why and how we process your information
      To help us provide and improve the Goodnotes AI features including by training the AI model that powers the Goodnotes AI features, and carrying out analytics to better understand queries/prompts from different types of users and to troubleshoot issues.
      Types of Personal Data Used
      • Any feedback that you provide to us in relation to or when using the Goodnotes AI features
      • Conversation histories and notebook conversation logs of your interactions with us when using the Goodnotes AI features
      • Any Inputs that you submit into and any Outputs generated by the Goodnotes AI features
      • Any other data contained in your Notebook and Library that you access when using the Goodnotes AI features
      Legal basis relied upon
      We will obtain your explicit opt-in consent to collect, use, store, share and otherwise process personal data relating to your use of the Goodnotes AI features (to the extent this is required by applicable data protection legislation).
    5. Website Users
      Why and how we process your information
      To keep a record of your enquiries and suggestions and so that we can respond to them.
      Types of Personal Data Used
      • Personal identifiers and contact information
      • Any information/selection that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests for us to consider and respond to enquiries and suggestions that you submit to us.
      Why and how we process your information
      To help us to improve your experience when using our website and to help us manage the services we provide.
      Types of Personal Data Used
      • Information that we automatically collect or generate about you.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to manage and maintain our provision of our website to you.
      Why and how we process your information
      When you complete form submissions on our website.
      Types of Personal Data Used
      • any information/selections that you choose to upload or share through the Services or that you choose to tell us or a Goodnotes staff member
      • Personal identifiers and contact information
      • Emails that may be recorded.
      Legal basis relied upon
      Legitimate interests, namely it is in our interests and your interests to manage and maintain our provision of our website to you.

  3. 3. Who is my data disclosed to?

    1. We may disclose your Personal Data to other companies within our group for the purposes set out in "What is this data being used for?" above, as well as to law enforcement and regulatory agencies as may be required by law.
    2. If you use certain features in the Services, such as collaboration features, the following information will be made visible to any other person who accesses the note or document that you have shared for collaboration via Link Sharing:
      1. your name, account ID and email address;
      2. your usage metrics, including the time that you accessed the note or document and related insights about how you have interacted with the note or document; and
      3. any Personal Data contained in the content note or document that you share.
      We will not share your information this way unless you direct us to do so through your use of the Services.If you are an B2B User (or an authorised licensee of an B2B User whose Personal Data we are processing as a processor on behalf of an B2B User) and you create and/or sign in to the Services using an account with an email address associated with your employer or organisation, we may share your name and email address with our other users within your organisation who have the same domain. This enables other users to discover and identify you when searching for contacts, collaborators, or connections. Users may also use this functionality to invite others to sign up to the Services if they have not already signed up
    3. When you create notes or documents when using the Services, these are stored on the Goodnotes application on your device - Goodnotes does not store your notes or documents on its own servers and does not access or collect such data without your permission. However, if you back up your notes or documents by using relevant functionalities that we provide, your data may be shared with third parties as follows:
      1. If you use Goodnotes Cloud to back up the notes or documents that you have uploaded onto the Goodnotes application or other Services (by turning on auto-backup on a compatible device), any Personal Data contained within these notes or documents will be saved on Goodnotes Cloud and therefore shared with the third parties that we use to power the infrastructure for Goodnotes Cloud. These third parties may be located in a country outside the UK and/or EEA – please refer to section 5 (International transfers of Personal Data) below. If you make any changes to any of your notes or documents (including to any Personal Data) that you have backed up on Goodnotes Cloud, we will automatically replace that copy in your cloud storage by sharing your updated notes and documents with the third parties that power the infrastructure for Goodnotes Cloud, so that your notes and documents are always up to date. We will not, however, access or collect data (including any Personal Data) from your notes or documents irrespective of whether they are stored on Goodnotes Cloud.
      2. We provide optional functionalities which allow you to sync your notes and documents on the Goodnotes application to your iCloud account. If you enable iCloud sync on a compatible device, any Personal Data contained within your notes or documents will be shared with iCloud so that any edits that you make to your notes and documents are saved on iCloud in real-time.
    4. We may disclose and transfer your Personal Data to our agents, contractors or vendors ("Service Providers"). When we do this, we will ensure that they are under a duty of confidentiality to us and we have imposed contractual obligations to ensure they can only use your Personal Data to provide agreed services to us and to you. Such Service Providers may provide administrative, data processing or other similar services to us to enable us to better provide the Services.
    5. We may provide your Personal Data to actual or proposed assignees or transferees of our rights with respect to you in connection with a merger, sale or transfer (whether of assets or shares), reorganization, liquidation or dissolution of a company within our group, or steps taken in anticipation of such events (e.g., due diligence in a transaction). In such cases, information will be only be shared where necessary.
    6. In particular, certain of the specific third parties that we disclose data to include:
      • In order to log aggregated statistical, non-Personal Data, we use Google Analytics for Firebase.
      • We use Mailchimp for sending newsletters and tips and tricks to subscribers that subscribe voluntarily.
      • To collect feedback and ideas in our idea forum, we use the service provided by UserVoice. In order to submit feedback to the forum, an account with UserVoice will need to be created.
      • We use Amazon Web Services to power the infrastructure for Goodnotes Cloud.
      • We use Datadog to collect diagnostic and usage data and monitor the infrastructure for Goodnotes Cloud. 
      • We provide optional functionalities which allow you to sync your files on the Goodnotes application to your iCloud account.
      • We use Mixpanel and Amplitude to collect information about the usage of our app to maintain and improve the Goodnotes application, our products and services. and features.
      • We use externally trained AI models, in particular large language models and embedding models incorporated into services provided by third parties such as Amazon Web Services and Microsoft to provide the functionality for Goodnotes AI and to assist us with other processes such as removing personal data from and summarising the contents of customer support tickets. We may also work with these third parties to test and develop these AI models.
      • We use a digital rights management solution to monitor the use of certain digital products released on Goodnotes Marketplace.
      • We may use Zendesk by Zendesk Inc. Zapier bij Zapier Inc. and other third party providers (which may incorporate externally trained AI models) to provide you with customer support services (including handling customer support emails, online submission of customer enquiries and customer support tickets, Answer Bot functionalities on Goodnotes Help Centre and the chatbot on the Goodnotes Marketplace FAQ page).
      • We use Paddle to assist us with processing payments data.
      • We use HubSpot to assist us with processing the data of our B2B Users for CRM purposes, including marketing activities.
      • We may use Braze or other third party providers to notify you of important events about the Services and provide you with an enhanced user experience when using the Services.
      • We may use Sprig, UserTesting, Google Forms, Lyssna and other third party tools from time to time for user research purposes.
      • We may use Hex and StreamNative, third-party service providers, to support the operation of our Services. Hex assists with data analysis and visualization to improve our internal decision-making, while StreamNative provides data streaming infrastructure to facilitate real-time processing within our cloud environment.

  4. 4. Retention Process

    1. How long we will hold your Personal Data for will vary and will be determined by the following criteria:
      • the purpose for which we are using it – we will need to keep your Personal Data for as long as is necessary for that purpose; and 
      • legal obligations – laws or regulation may set a minimum period that we have to keep your Personal Data.

  5. 5. International transfers of Personal Data

    1. We are a global business. Our customers and our operations are spread around the world. As a result, we collect and transfer Personal Data on a global basis. That means that we may transfer your Personal Data to locations outside of your country.
    2. When we transfer your Personal Data to another country outside the UK and/or EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside the UK and/or EEA, for example, this may be done in one of the following ways:
      • the country that we send the data to might be approved by relevant data protection authorities as offering an adequate level of protection for Personal Data; 
      • the recipient might have signed up to a contract based on “model contractual clauses” approved by relevant data protection authorities, obliging them to protect your Personal Data; 
      • the recipient may have adhered to binding corporate rules; or 
      • In other circumstances the law may permit us to otherwise transfer your Personal Data outside Europe.
    3. You can obtain more details of the protection given to your Personal Data when it is transferred outside the UK and/or EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as referred to in the “More Questions” section below.

  6. 6. Keeping your data secure

    1. We will use technical and organisational measures designed to safeguard your Personal Data, for example:
      • access to your membership, if you register with us, is controlled by your email and a password that is unique to you; 
      • we encrypt your Personal Data; 
      • any Personal Data that we process or store is done on secure servers.
    2. All processing of your Personal Data shall be conducted according to the data protection principles as follows:
      • Personal Data must be processed lawfully, fairly and transparently; 
      • Personal Data must be accurate and kept up to date with every effort to erase or correct; 
      • Personal Data must be processed in a manner that ensures the appropriate security.
    3. In addition, we have appropriate security measures in place designed to prevent Personal Data from being accidentally or unlawfully lost, used or accessed. We limit access to your Personal Data to those who have a genuine business need to access it. We take steps designed to ensure that those processing your Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to respond to data security breaches. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

  7. 7. Information about other individuals

    1. If you give us information on behalf of someone else, you confirm and represent that you have the consent of such person to do so and such person has appointed you to act on his/her behalf to:
      • give consent on his/her behalf to the processing and transfer of his/her Personal Data; and 
      • receive on his/her behalf any notices relating to data protection.

  8. 8. Third Party Websites

    Our Services may contain links to other websites operated by third parties and may include social media features such as Facebook, Twitter, YouTube, and Instagram buttons or links. You may also submit content to our blog through Medium. These third-party websites may collect information about you if you click on a link or visit those websites, and the social media sites may automatically record information about your browsing behaviour every time you visit a website with a social media button. Your interactions with these features and third parties are governed by the privacy policy of the third party, not by this Policy.

  9. 9. Your rights Under the GDPR

    1. Under certain circumstances, you may have rights under data protection laws in relation to your Personal Data, which you can exercise free of charge. These rights include:
      • The right to know whether we hold your Personal Data and to request access to your Personal Data held by us.
      • The right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation.
      • The right to request that we rectify your Personal Data if it is inaccurate or incomplete.
      • The right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data, but we are legally entitled to retain it.
      • In some circumstances, the right to receive the Personal Data you provided to us in a structured, commonly used and machine-readable format and/or to instruct us to transmit that data to a third party.
      • The right to object at any time to your Personal Data being processed for direct marketing and in other certain circumstances, such as if we change our legitimate interests from the basis on which we initially collected and processed your Personal Data.
      • The right to request that we restrict our processing of your Personal Data in certain circumstances. We can only continue to store your data, and will not be able to carry out any further processing activities with it until either: (i) you consent; or (ii) further processing is necessary for either the
      • establishment, exercise, or defence of legal claims, the protection of the rights of another individual, or reasons of important EU public interest.
      • The right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.
    2. If you wish to exercise any of the above rights, or make any related complaint or request in relation to your Personal Data, please contact us by using the contact details in the “How to Contact Us” section below. You may also exercise some of your rights (e.g. the right to request that we erase your Personal Data) via the Goodnotes application. If we are processing your Personal Data as a processor on behalf of an organisation (e.g. if you are an authorised licensee of an B2B User), you may need to submit your request directly to that organisation.
    3. Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction.

  10. 10. Children

    Children under the age of 16 are not permitted to sign up by themselves for the Services.

  11. 11. California Residents

    Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), California residents have certain rights regarding their “personal information” (as that term is defined under the CCPA). For a copy of our privacy notice to residents of California (United States), please go to our supplemental California Privacy Notice. Please refer to our supplemental California Privacy Notice for additional information about our activities and data practices subject to the CCPA.

  12. 12. Virginia Residents

    Under the Virginia Consumer Data Protection Act (the “VCDPA”), Virginia residents have certain rights regarding their “personal data” (as that term is defined under the VCDPA). For a copy of our privacy notice to residents of Virginia (United States), please go to our supplemental Virginia Privacy Notice.

  13. 13. Who is responsible for processing your Personal Data

    Details of the controller and company responsible for compliance with this Policy are set out in Annex 1.

  14. 14. Cookies

    To the extent that we collect Personal Data with the help of Cookies (which are small text files that include a small quantity of information sent to the browser of users, by a web server, and stored on the hard disk drive of a computer for purposes of archiving, collecting navigation data for statistical analysis purposes, and offering services related to your interests or location), in combination with similar technologies such as tracking pixels, local storage objects and similar devices which distinguish you from other users (collectively, "Cookies" unless otherwise noted), we will process it in accordance with this Policy and our Cookies Policy which can be found at Cookies Policy.

  15. 15. More questions

    1. We commit to resolving complaints about our collection or use of your Personal Data. Individuals with inquiries or complaints should first contact support@goodnotes.com.
    2. You also have a right to lodge a complaint with a competent supervisory authority situated in a member state of your habitual residence, place of work, or place of alleged infringement.

  16. 16. Changes to this policy

    The Company reserves the right to make changes to this Policy at any time by giving notice to its users on the site, the Goodnotes application, or as notified by us to you (by email for example), where possible. We recommend checking this page to stay up to date with the latest changes.

  17. ANNEX 1 – HOW TO CONTACT US

    The Goodnotes entity responsible for processing your Personal Data will depend on which of the below companies is the counterparty associated with the relevant arrangement

    How you can get in touch with us: 

    • to access, amend or take back the Personal Data that you have given to us; 
    • if you suspect any misuse or loss of or unauthorised access to your Personal Data; 
    • to withdraw your consent to the processing of your Personal Data (where consent is the legal basis on which we process your Personal Data); or 
    • with any comments or suggestions concerning this Policy.
    Goodnotes Limited
    You can write to us at the following address:
    legal@goodnotesapp.com at 1 Bartholomew Lane, London, United Kingdom, EC2N 2AX.

    Alternatively, you can send an email to: support@goodnotes.com.

Legal

Terms and Conditions
Privacy Policy
California Privacy Policy
Virginia Privacy Notice
China Addendum Privacy Policy
Hong Kong Addendum Privacy Policy
Cookie Policy
Take Down Requests Notice
Terms of Use for Marketplace
Goodnotes Classroom License Agreement and Data Processing Agreement for Schools
Data Processing Addendum
Goodnotes for Business End User License Agreement (EULA)
Supplementary Terms and Conditions for AI Beta Features
Supplementary Privacy Notice for AI Beta Features